CVE-2014-3518Code Injection in Redhat Jboss Enterprise Application Platform

CWE-94Code InjectionCWE-306Missing Authentication for Critical Function5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
1.7%
top 17.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Redhat Jboss Enterprise Application PlatformRedhat Jboss Enterprise Brms PlatformRedhat Jboss Enterprise Portal Platform+1 more
Timeline
PublishedJul 22
Latest updateMay 17

Description

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

🔴Vulnerability Details

2
GHSA
GHSA-x7hh-cw6h-x3q4: jmx-remoting2022-05-17
CVEList
CVE-2014-3518: jmx-remoting2014-07-22

📋Vendor Advisories

1
Red Hat
5: Remote code execution via unauthenticated JMX/RMI connector2014-07-16

💬Community

1
Bugzilla
CVE-2014-3518 JBoss EAP/AS 5: Remote code execution via unauthenticated JMX/RMI connector2014-06-24
CVE-2014-3518 — Code Injection in Redhat | cvebase